Kaspersky
Solved

Rezuc Ransomware... [MOVED] [Solved][Closed]

  • 18 July 2019
  • 3 replies
  • 1605 views

Hi,

My 2 PC have been infected with .rezuc files & all files are encrypted with .rezuc extension. I contacted Kaspersky support team, they told me to try "Rakhni Decryptor" BUT it's not successull. Then they also also told me to put my problem here on forum.

Can anyone help to decrypt my all files? I have no back up.

I have attached screenshot of "all files shown in windows explorer". AND I am unable to upload encrypted file (because file has ".rezuc" extension).



Please reply.


Thanks for your valuable time,
Ash.

Moderator: Moved to the correct forum.
icon

Best answer by Caos 18 July 2019, 13:35

View original

This topic has been closed for comments

3 replies

Userlevel 7
Badge +11
Hello Ash,

  • When the Kaspersky support team told you to post here did they say there was nothing else they could do?
------
  • When STOPDecrypter was run was the computer in SafeMode?
  • IF "NO", enter SafeMode, no network, and NO other activity - ONLY STOPDecrypter
&
  • STOPDecrypter updates frequently - do not stop trying.
------
  1. Did you upload an encrypted File to: https://id-ransomware.malwarehunterteam.com/index.php?lang=en ?
  2. Did you upload 2 files to: https://www.nomoreransom.org/crypto-sheriff.php?lang=en
  3. Have you followed all the advice provided @
  • https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/
&
  • https://malwaretips.com/blogs/remove-rezuc/
-------
  • Did TS also suggest posting to (Kaspersky Club) https://kasperskyclub.com/
Please let us know?
Thanks.
Hi,

I have also tried STOPDecrypter tool BUT unable to decrypt file.

If there is any other solution, please help.
Userlevel 7
Badge +11
Hi,

In terms of recovering/decrypting the files, this type of virus usually encrypts the files with very high bit keys, and in very rare cases a decryptor can be created, usually due to failure or careless programming of the malware. But in the vast majority it is not possible, at least at the moment.

You can check if the ransomware that attacked you currently has the possibility to be decrypted here: https://id-ransomware.malwarehunterteam.com/index.php?lang=en

You can find information that can help you here: https://www.nomoreransom.org/en/index.html

Also try the utilities offered by Kaspersky: http://support.kaspersky.com/viruses/utility

If you are a Kaspersky user with a valid license, open a support ticket in my Kaspersky account, send them a sample of an encrypted file, and if you have the same file unencrypted.

If your files are encrypted with the Rezuc extension, then your computer is infected with the STOP (DJVU) ransomware.
The STOP (DJVU) ransomware encrypts the personal documents found on the victim’s computer, then displays a message which offers to decrypt the data if payment in Bitcoin is made. The instructions are placed on the victims desktop in the _readme.txt file.

Try with STOPDecrypter tool.

Regards